Ransomware: To Pay or Not to Pay Ransom?

It’s no news that ransomware is big business. The FBI puts the cost of ransoms paid out in 2016 at almost $1 billion. And given how profitable this business model is, it’s poised to get worse. So what do you do if you’re hit with ransomware? From a business perspective, it’s an easy call. When you’re working with a reliable and helpful IT provider (one that works with StorageCraft, shameless plug), you place one call and he’ll have you back up and running. You’ve got a recent backup and he’ll restore your files. It’s like you never clicked on that link advertising cool free stuff. But what do you do if you’re out on your own?

To pay or not to pay, that is the question! Let’s explore the case and see what you can do if you have your files encrypted by ransomware.

Ransomware, the Never Ending Story

Ransomware seems like a never-ending story for news outlets. If you’re lucky enough not to know what we’re talking about, the concept is pretty simple. A piece of software installs itself on your computer and encrypts all of your files. The owners of this malicious code will demand that you pay a ransom before they give you the key that will decrypt your files.

A Trend Micro report from 2016 showed the company’s systems blocked around 80 million ransomware threats in the first part of the year.

Another Symantec report showed that the average amount asked for ransom in each attack was $1,077 in 2017. That doesn’t mean you will pay this amount every time your files are encrypted. It might be less or more, depending on your luck, or what you’re worth.

Should You Pay Ransom? In Short: Please, Don’t!

If you are considering paying ransom to get your files back, you might want to read the FBI guide to dealing with ransomware. The guide doesn’t explicitly advise whether to pay the ransom or not, but it does mention a few strategies to keep ransomware off your computer:

Have updated antivirus software and a pop-up blocker;

Make sure you have strong passwords and don’t click on suspicious links;

Keep systems and software updated with the latest patches, as this lessens the risk of vulnerabilities;

Keep frequent backups of your data and test backups often;

Have at least one backup copy offline and disconnected from other devices.
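The two backup items above (keep frequent backups, test them, and keep one copy offline) are only useful if you can tell whether a restore actually gives you back the files you had. The following is an added example, not code from StorageCraft or the FBI guide: it builds a SHA-256 manifest of a source tree, stores it as JSON (the kind of file you would keep alongside the offline copy), and then verifies a restored tree against it, reporting missing, changed and unexpected files. All sample files and the two simulated restores are constructed in a temporary directory so the script runs offline.

```python
"""Backup manifest and restore verification (added example, not StorageCraft's code).

A restore test that only checks "the files are there" will not notice that a
backup was silently overwritten with encrypted or corrupted content. Hashing
every file into a manifest at backup time and re-hashing after restore turns
"test your backups" into a repeatable, pass/fail check.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map each file under root (relative POSIX path) to its SHA-256 hex digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree against the manifest taken at backup time.

    Returns the lists of paths that are missing from the restore, whose content
    changed (hash mismatch), or that were not in the original backup, plus an
    overall ok flag that is True only when all three lists are empty.
    """
    current = build_manifest(restored)
    missing = sorted(p for p in manifest if p not in current)
    changed = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    extra = sorted(p for p in current if p not in manifest)
    return {
        "missing": missing,
        "changed": changed,
        "extra": extra,
        "ok": not (missing or changed or extra),
    }


def demo() -> dict:
    """Constructed scenario: one clean restore and one damaged restore."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src = base / "source"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "report.txt").write_text("quarterly numbers\n")  # constructed sample file
        (src / "notes.txt").write_text("meeting notes\n")                 # constructed sample file

        # Manifest taken at backup time; store it next to the offline copy.
        manifest_path = base / "manifest.json"
        manifest_path.write_text(json.dumps(build_manifest(src), indent=2))
        manifest = json.loads(manifest_path.read_text())

        # Good restore: a faithful copy of the source tree.
        good = base / "restore_good"
        shutil.copytree(src, good)
        good_result = verify_restore(manifest, good)

        # Damaged restore: one file's content replaced with random bytes (what an
        # encrypted-in-place file looks like to a verifier) and one file renamed.
        bad = base / "restore_bad"
        shutil.copytree(src, bad)
        (bad / "notes.txt").write_bytes(os.urandom(32))
        (bad / "docs" / "report.txt").rename(bad / "docs" / "report.txt.bak")  # constructed rename
        bad_result = verify_restore(manifest, bad)

        return {"good": good_result, "bad": bad_result}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it as a script to see both results side by side; in practice you would run `build_manifest` when the backup is taken, keep the JSON with the offline copy, and run `verify_restore` as part of every scheduled restore test. Because the manifest only needs to travel with the offline media, the check also works when the production system that made the backup is the one that has been encrypted.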

The FBI also has a brochure that is dedicated to ransomware, and adds that having a backup is one of the most important things you can do to protect yourself. So if you’re still debating whether to get backup software, this is one more reason to get one.

Here at StorageCraft, we make the best possible data protection software and would advise you to first invest in a proper backup solution, before ever considering paying a ransom for your data.

Like any other software, ransomware can be cracked like a puzzle. Security experts can find the decryption keys that unlock your files, and will sometimes post these keys online for anyone to find. So before you part with your money, check online to see if the ransomware strain that has infected you is an old one for which someone has already found the keys.

Nomoreransom.org is a website that is backed by security firms and cybersecurity experts in 22 countries, and might have the solution to your problem. Just upload one of the encrypted files to the CryptoSheriff page, and see if they have the keys. BleepingComputer.com also has some very useful virus removal guides you might want to read.

But if You Do Pay, Make Sure You Get a Discount

As usual, we advise anyone to work with an IT provider and get the latest, state-of-the-art data protection software to make sure you never have to pay a ransom. But if you really are in a jam and you do decide to pay the ransom, you might as well get a discount.

Most of the time, the data kidnappers will send you an email demanding a certain sum for your files. Recent reports show that some are actually willing to negotiate, and users will rarely pay the full amount requested. So if you really can’t afford to live without your data and you need to pay the ransom – make them work for it. You might end up paying less if you haggle.

You’ve Been Warned! You Might Not Get Your Files Back!

This should go without saying, but when your files are encrypted, you’re dealing with criminals. And where there are criminals, there’s a huge risk something will go wrong – even if you follow instructions to the letter.

A Trend Micro report shows that two thirds of companies that are hit with ransomware choose to pay the amount requested. However, that’s not always helpful. One in five companies never got their data back, even though they paid the ransom. The report states a few reasons why companies chose to pay the ransom:

fear of being fined for losing important data;

losing highly confidential information;

they do not wish to go public with the data breach.

In some cases, you can ask the kidnappers to decrypt just one of your files, so they can prove they are able to decrypt the data. Sometimes they may be willing to do this to convince you to pay the ransom.

So What Can I do?

If you’re still scratching your head about the ransom, there are a few things you can do to approach the issue. You can file a complaint with the FBI’s cybercrime division. They will explain what the options are and let you make a decision. You can contact a security professional or IT consultant to get advice based on your individual situation.

Or, you can restore your files from a recent backup, if you have one. Good luck!

IT News: The Recovery Zone is an online publication designed to bring MSPs, VARs, and IT pros together to reach a common goal: to build better IT businesses. We’re sponsored by backup and disaster recovery leader StorageCraft® Technology Corporation, but we’re nothing like the corporate blogs you’ve seen in the past.